This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers, click the "Reprints" link at the top of any article.

Focus on Terror Risks Fades

9/11 and the crises since have expanded risk managers’ roles and perspectives on preparing for disasters.

A decade ago, the staggering attack on the Pentagon and the World Trade Center brought down the Twin Towers, shut down New York’s financial district and sparked the global war on terror. It also elevated the role of risk managers in the corporate hierarchy.

The next few years brought a focus on business continuity planning, backing up corporate records, hardening central offices and key facilities, plans to protect employees and, of course, buying terrorism insurance.

“Many more risk managers now have the letters VP or SVP in front of their names,” notes Janet Kerr, vice president for risk management at Boston Properties, and the job has become more complex.

In the immediate aftermath of 9/11, companies wanted to protect personnel and property against attack. “You’re still running a business,” notes Ben Tucker, leader of the property specialized risk group at Marsh. “You want people to be able to get to their desks. They can’t be standing in line all morning.”

Since 9/11, companies have been plagued by a stunning set of crises—hurricanes and floods, unprecedented oil spills, possible pandemics, earthquakes, and devastating tsunamis and nuclear meltdowns that disrupted global supply chains—on top of a historic financial crisis and a prolonged, deep recession.

“What you see a lot of is ‘just-in-time’ risk management,” says Gary Lynch, global leader of the supply chain risk management practice at Marsh. “We seldom hear from clients about terror concerns. Now it’s all about organized crime and security of inventory, IT and intellectual property—and supply chains.” Terrorism is now seen as “an isolated event that only affects a small part of a company’s operation,” he says.

It is also much easier to insure against acts of terrorism—especially in the United States, where the Terrorism Risk Insurance Act of 2002 established a fund to backstop such coverage at least through 2013. Sixty-one percent of U.S. firms buy terrorism coverage, compared with only 27% in 2003, and the terror insurance market is actually “soft,” with costs declining this year, and down 70% from 2001, says Aaron Davis, managing director of Aon Risk Solutions’ national property practice.

Companies have learned the hard way that many other things can cause much bigger losses to a business than terrorism.

“It was kind of shocking to discover how far up the supply chain you had to look” to protect your company against a serious supply disruption, says Lynch, noting how a few small but key components made in Japan brought most of the U.S. auto industry to a virtual standstill after the earthquake/tsunami/meltdown disaster.

Companies want to plan for the worst case scenario no matter what the cause is. “What CFOs and other executives are saying now to risk managers is, “I know you guys can’t quantify the risk of a disaster, but you can show what a worst case would mean,” Lynch says.

He cites the case of a French consumer products company that had acquired its North American competitors and wanted to save money by consolidating the distribution system.

“They had one center that cost 23 cents per unit and another that cost $13 to move product through the system. They were about to do the obvious thing and consolidate everything into one cheap mega-center, when the risk manager pointed out that if that one center went down, it would take 56 to 64 weeks to recover,” he says. Management decided to spend $1 million to establish a second center, paring recovery time from the loss of one center down to 17 weeks, saving the company $200 million in the event of a disaster.

But even as risk managers’ focus shifts away from terrorism to other risks, they will continue to keep one eye on the terror threat. Explains Marsh’s Lynch, “The thing is, you can model natural disasters and assess the probability of something happening, but you cannot model man-made risk, or estimate the damage it can do.”

Treasury & Risk

Treasury & Risk is an online publication and robust website designed to meet the information needs of finance, treasury, and risk management professionals. Our editorial content, delivered through multiple interactive channels, mixes strategic insights from thought leaders with in-depth analysis of best practices, original research projects, and case studies with corporate innovators.